1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
.\" $NetBSD: creds_msdos.8,v 1.6 2024/05/13 23:10:47 gutteridge Exp $
.\"
.\" Copyright (c) 2019 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd June 10, 2019
.Dt CREDS_MSDOS 8
.Os
.Sh NAME
.Nm creds_msdos
.Nd automatically add login credentials from MS-DOS partition
.Sh SYNOPSIS
.Nm
.Ar start
.Sh DESCRIPTION
The
.Nm
rc.d script allows automatic addition of login credentials during boot
using a special file found on the MS-DOS partition of a bootable image.
This script is not distributed with the normal system and is only
included with pre-installed bootable images.
The goal is to allow remote access of the system without having to
edit the primary root file system (which may not be accessible from
the host the image is being written from), but place this information
in the MS-DOS partition that most platforms can easily access.
.Pp
Typically, an installable image (such as
.Pa arm64.img )
is written to an SD card or similar media, and has both a native FFS
partition as well as an MS-DOS partition for booting.
If this script is enabled and has been pointed at the boot partition
it will inspect the file
.Pa creds.txt
for any credentials to be added to the system.
.Pp
The following list gives the supported options in the credentials files.
In all cases
.Ar user
is the username to be created, and the user will be added to the
.Ql wheel
group.
.Bl -tag -width Ic
.\"
.It Ic sshkeyfile Ar user Ar keyfile
Look for the
.Ar keyfile
in the MS-DOS boot partition and merge ssh keys from this file into user's
.Pa ~/.ssh/authorized_keys
file.
.\"
.It Ic sshkey Ar user Ar keystring
Add the
.Ar keystring
to the user's
.Pa ~/.ssh/authorized_keys
file.
.\"
.It Ic useraddpwhash Ar user Ar pwhash
Use
.Ar pwhash
as the users's password hash.
.\"
.It Ic useradd Ar user Ar password
Use
.Ar password
as the users's unencrypted raw password that will be hashed.
.Pp
This method is
.Em not recommended
as it leaves unencrypted passwords around until such time that the script runs.
If this method is used then the
.Pa creds.txt
file will be shredded and deleted using
.Ql rm -P
after the credentials are updated.
.El
.Sh FILES
.Pa /boot/creds.txt
.Sh SEE ALSO
.Xr pwhash 1 ,
.Xr rm 1 ,
.Xr ssh 1 ,
.Xr ssh_config 5 ,
.Xr mount_msdos 8 ,
.Xr sshd 8 ,
.Xr useradd 8
.Sh HISTORY
The
.Nm
script appeared in
.Nx 9.0 .
.Sh AUTHORS
.An Matthew R. Green Aq Mt mrg@eterna23.net .
|
